Looking for opinion - Loan Employee emailed customer loan information to both his home email and an employee at another bank. The employee then gave his notice to accept a job at this other bank.
SAR reportable? No monetary loss at this point but the intent most likely is to poach the relationship and in that sense he will profit from the activity.

Maybe it's too early to tell, but could this be potential ID Theft in the making?

Well, it was a breach of both privacy and the bank's customer database and therefore it was a Federal criminal offense, so I would say that you should file a SAR.

As this breach has now been identified as having happened, then I would suggest that an IT forensic examination be conducted on this former employee either in-house or hire it done. Your data breach contingency plans should be kicking in full stream. If this former employee did this, imagine what else they could have taken.

You also need to call your regulator directly. They take a dim view of this and have been known to ban people from ever working in a financial institution again for such stupid actions.

If your CEO or President know the higher ups in this other bank, they might want to give them a courtesy call (not to mention the SAR of course) but to give them a heads up on what transpired and that if the bank lands that other customer's account, they can fully expect hearing from the bank's attorney.

I agree that you should contact your regulator after additional research. OCC took action against a former employee that took/used customer information from our bank.

Thanks everyone.
Everything you listed is or has been worked. Just some pushback on the SAR filing and I will stick to my guns that it has to be filed.

You might want to print out the insider abuse article in this and have all that say a SAR should not be filed read the section entitled "What is Insider Abuse?" and then give them an opportunity to amend their stance:

http://www.fincen.gov/news_room/rp/files/sar_tti_23.pdf

Another recent example of how the regulators look at this situation.

Information on three customers, $5,000 personal CMP and basically a lifetime ban from banking as what CEO or President would employ such a person after receiving a copy of this order?

https://www.occ.gov/static/enforcement-actions/ea2018-002.pdf